| Results 251 ... 315 found in all logged channels for 'zx2c4'
(trilema) asciilifeform: zx2c4: the distinguishability of keepalives also makes it considerably easier to carry out timing attack on your nonconstanttime ecc engine
(trilema) mircea_popescu: zx2c4 suppose he is sending keepalives, what.
(trilema) asciilifeform: zx2c4: speaking in general of symmetric ciphers -- a known-plaintext instance anywhere in the stream, or even a means of narrowing down possible plaintext, makes for considerably cheaper break
(trilema) mircea_popescu: zx2c4 here's a simple alternative to consider : would you agree the assemblage would be more secure if instead of sending a null payload you sent a random string ?
(trilema) asciilifeform: zx2c4: it would appear that you have a known-plaintext though
(trilema) mircea_popescu: zx2c4 the fundamental problem with "set to empty" is that ciphers can be and many are vulnerable to this, as a particular case of "known plaintext"
(trilema) mircea_popescu: zx2c4 for the public record, make the "this is not the case" distinction plain.
(trilema) asciilifeform: zx2c4: generally you will say !!up to deedbot in pm
(trilema) mircea_popescu: zx2c4 you can voice yourself (permanently) by saying !!up to deedbot ; saves us the trouble.
(trilema) deedbot: zx2c4 voiced for 30 minutes.
(trilema) asciilifeform: i understand the bare fact, zx2c4 . my question is, why do you think the protocol author permitted an unsecured mode as a valid mode of operation ?
(trilema) asciilifeform: zx2c4: granted, but it would appear that the orig spec of 'noise' permits null-ciphering, just like the nsa-authored ssl/tls.
(trilema) mircea_popescu: zx2c4 don't break up your sentences in multi lines, we read everything anyway.
(trilema) a111: Logged on 2018-04-12 15:36 zx2c4: - minimal state machine, as mentioned above, which means 1-RTT: if something goes wrong with a message being dropped, the solution is always to just "start over the protocol", since it's only 1-RTT. this saves amazing amounts of complexity
(trilema) asciilifeform: zx2c4: do i misread ? because in the spec, 'No confidentiality. This payload is sent in cleartext.' ( http://www.noiseprotocol.org/noise.html#message-format section 7.4 )
(trilema) a111: Logged on 2018-04-12 15:28 zx2c4: sure
(trilema) asciilifeform: zx2c4: are you the author of 'noise' protocol ?
(trilema) asciilifeform has 1 more q for zx2c4 , after mircea_popescu finishes
(trilema) mircea_popescu: zx2c4 mind that transfers are not instantaneous.
(trilema) asciilifeform: zx2c4: which you can withdraw using deedbot at your leisure
(trilema) asciilifeform: zx2c4: he just threw a whole bitcoin into your piggy.
(trilema) asciilifeform: zx2c4: they're for mircea_popescu to decrypt; it makes the command go.
(trilema) mircea_popescu: zx2c4 you understand how the logs work btw ?
(trilema) mircea_popescu: !!rate zx2c4 1 j. a. donenfeld, wireguard guy.
(trilema) deedbot: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE registered as zx2c4.
(trilema) mircea_popescu: zx2c4 the tls fails i bet.
(trilema) asciilifeform: zx2c4: i'ma leave the rest of the session to mircea_popescu , owner of this chan, and my co-author in e.g. the FUCKGOATS auditable trng, https://archive.is/CGQkR )
(trilema) mircea_popescu: zx2c4 do me a favour and !!register your key
(trilema) mircea_popescu: o hey there zx2c4
(trilema) asciilifeform: zx2c4: so it is not possible currently for me to learn , which cryptographers reviewed, and what they had said ?
(trilema) asciilifeform: but to move on from this item : zx2c4 how did you select 'blake2' hashing system ?
(trilema) deedbot: zx2c4 voiced for 30 minutes.
(trilema) asciilifeform: zx2c4: does it bother you that no proof of strength for any symmetric cipher other than otp (e.g. aes, chacha, etc ) exists ?
(trilema) asciilifeform: but let's come back to your product, zx2c4 :
(trilema) asciilifeform: zx2c4: i've spent the past ~2yrs writing a properly constant-time arithmetic lib. it is being slowly published. ( see earlier link to my www )
(trilema) asciilifeform: zx2c4: most of the currently-sold intels are ok re : imul. arm, however, is not
(trilema) asciilifeform: zx2c4: this particular architectural sadness is not my discovery
(trilema) asciilifeform: zx2c4: to observe it, you will have to hand-emplace rdtsc around it , and run on properly doctored inputs
(trilema) asciilifeform: zx2c4: phf has been fiddling with the thing's uniturd processing of late; prolly introduced bug
(trilema) asciilifeform: btw zx2c4 , i must regret to inform you that the code you linked, is in fact NOT constant-time on several common architectures, because it makes use of machine MUL instruction ( gcc will compile a nonconstant-operanded '*' to e.g. IMUL on x86 )
(trilema) asciilifeform: zx2c4: which proving system did you use ?
(trilema) deedbot: zx2c4 voiced for 30 minutes.
(trilema) asciilifeform: zx2c4: carry on, but after that let's come back to DH
(trilema) asciilifeform: zx2c4: why did you select diffie-hellman ? ( vs e.g. rsa )
(trilema) asciilifeform: zx2c4: don't go away yet plz. i'd like to ask a few q re your crypto design
(trilema) asciilifeform: hence the interest in zx2c4's published item
(trilema) asciilifeform: zx2c4: how did you select the 'noise' protocol ?
(trilema) asciilifeform: zx2c4: it so happens that i have a few q:
(trilema) asciilifeform: zx2c4: author of 'wireguard' ?
(trilema) asciilifeform: zx2c4: hello ?
(trilema) deedbot: zx2c4 voiced for 30 minutes.
(trilema) ckang: hey mircea_popescu I had a talk to zx2c4 to try and smooth things over a bit
(trilema) a111: Logged on 2018-04-11 04:16 mircea_popescu: "<mircea_popescu> (on #wireguard) zx2c4 (the owner, j. donenfeld) : if you're willing to set two hours apart on any day of your choosing to answer wireguard questions on #trilema, i'm willing to donate 1 btc to your project. let me know, i'm usually on freenode (this nick). thanks & gl." << asciilifeform spyked whoever else might care.
(trilema) ckang: oh theres an interesting read regarding its security flaw, operators. https://lists.zx2c4.com/pipermail/wireguard/2017-November/001969.html
(trilema) mircea_popescu: "<mircea_popescu> (on #wireguard) zx2c4 (the owner, j. donenfeld) : if you're willing to set two hours apart on any day of your choosing to answer wireguard questions on #trilema, i'm willing to donate 1 btc to your project. let me know, i'm usually on freenode (this nick). thanks & gl." << asciilifeform spyked whoever else might care.
|
Download hourly DB snapshot | Get Source Code